PP-SDLC The privacy protecting systems development life cycle

Access Status

Authors

Date

Type

Metadata

Abstract

Many new Privacy Laws and Regulations have placed an increased importance on the correct design and implementation of information systems. This is an attempt to preserve and protect user and information privacy. Incorporating privacy regulations and guidelines into an active information system is often unsuccessful and ineffective. In addition, systems that have already progressed through the development life cycle can very expensive to change once implemented. We propose the integration of privacy preservation methodologies and techniques into each phase of the system development life cycle (SDLC). This is to preserve the privacy of individuals and to protect PII (Personally Identifiable Information) data. The incorporation of IT Security measures in each SDLC phase is also discussed. This is due to its direct relevance and correlation with information system privacy issues. The proposed methodology involves identifying the privacy and security issues in each phase. From there appropriate privacy protecting and security techniques are applied to address these issues. Special mention is made of the recently proposed Common Criteria. The CC is an international standard for IT Security for Information Systems. Specifically, this paper will analyse the way the Common Criteria currently deals with privacy in information systems, and what is needed to improve its current inadequate handling of information privacy.

Related items

With the increasing number of proposals and approaches to privacy protection, it has become very difficult to build information systems that provide comprehensive protection for a very broad range of information privacy ...

When considering information security and privacy issues most of the attention has previously focussed on data protection and the privacy of personally identifiable information (PII). What is often overlooked is consideration ...

When considering information security and privacy issues most of the attention has previously focused on data protection and the privacy of personally identifiable information (PII). What is often overlooked is consideration ...